From 8222bc0369addf9f248abeb4da5bd36726eea164 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 May 2024 13:28:57 +0000 Subject: [PATCH] Bump github.com/tektoncd/pipeline from 0.60.0 to 0.60.1 Bumps [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) from 0.60.0 to 0.60.1. - [Release notes](https://github.com/tektoncd/pipeline/releases) - [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md) - [Commits](https://github.com/tektoncd/pipeline/compare/v0.60.0...v0.60.1) --- updated-dependencies: - dependency-name: github.com/tektoncd/pipeline dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- .../pkg/apis/pipeline/v1/container_validation.go | 11 +++++++---- .../pkg/apis/pipeline/v1beta1/container_validation.go | 11 +++++++---- vendor/modules.txt | 2 +- 5 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/go.mod b/go.mod
index 10fd4b320..78367c394 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 github.com/spf13/pflag v1.0.5
 github.com/tektoncd/chains v0.21.0
 github.com/tektoncd/hub v1.17.0
- github.com/tektoncd/pipeline v0.60.0
+ github.com/tektoncd/pipeline v0.60.1
 github.com/tektoncd/plumbing v0.0.0-20230907180608-5625252a2de1
 github.com/tektoncd/triggers v0.27.0
 github.com/theupdateframework/go-tuf v0.7.0
diff --git a/go.sum b/go.sum
index 7497eb187..4a294e30d 100644
--- a/go.sum
+++ b/go.sum
@@ -1291,8 +1291,8 @@ github.com/tektoncd/chains v0.21.0 h1:ABv2/xFtxPi3rFj0Yd5DVKC4zp5AmswiAxk+XZjdy6
 github.com/tektoncd/chains v0.21.0/go.mod h1:iC6MunbSGJrES1RH+zR0gBOCXXr15hi2SPgVBseYq4Y=
 github.com/tektoncd/hub v1.17.0 h1:BKUDeQoC7PLlJmeNt86eEP4lYBXE5pIUZYlrgHcVwl4=
 github.com/tektoncd/hub v1.17.0/go.mod h1:8SnC66jMZtYFVuh70U1wN91/tJpi7nQX+7V5YsnWIAE=
-github.com/tektoncd/pipeline v0.60.0 h1:4CQ1ZIJcoOM8lRB1B+WccLongTVoygcrvOzZz819P1c=
-github.com/tektoncd/pipeline v0.60.0/go.mod h1:7bCvVXxBB06Ee7GVqYp+UKgUN5IadFvvH9wdLds5jZE=
+github.com/tektoncd/pipeline v0.60.1 h1:SRQ0p3LXBMtG4jcLBVmhENjrQIevah9CSo3jEvKpZDk=
+github.com/tektoncd/pipeline v0.60.1/go.mod h1:7bCvVXxBB06Ee7GVqYp+UKgUN5IadFvvH9wdLds5jZE=
 github.com/tektoncd/plumbing v0.0.0-20230907180608-5625252a2de1 h1:9paprRIBXQgcvdhGq3wKiSspXP0JIFSY52ru3sIMjKM=
 github.com/tektoncd/plumbing v0.0.0-20230907180608-5625252a2de1/go.mod h1:7eWs1XNkmReggow7ggRbRyRuHi7646B8b2XipCZ3VOw=
 github.com/tektoncd/triggers v0.27.0 h1:c55e/YJF6Vs5BEarqDYksFYuR4sFbmAVEqrLNPZvXUk=
diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_validation.go
index a145da01d..ec55189bc 100644
--- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_validation.go
+++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/container_validation.go
@@ -18,11 +18,11 @@ package v1
 
 import (
 "context"
+ "errors"
 "fmt"
+ "regexp"
 "strings"
 
- "net/url"
-
 "github.com/tektoncd/pipeline/pkg/apis/config"
 "k8s.io/apimachinery/pkg/util/validation"
 "knative.dev/pkg/apis"
@@ -91,6 +91,9 @@ func (ref *Ref) Validate(ctx context.Context) (errs *apis.FieldError) {
 
 // RefNameLikeUrl checks if the name is url parsable and returns an error if it isn't.
 func RefNameLikeUrl(name string) error {
- _, err := url.ParseRequestURI(name)
- return err
+ schemeRegex := regexp.MustCompile(`[\w-]+:\/\/*`)
+ if !schemeRegex.MatchString(name) {
+ return errors.New("invalid URI for request")
+ }
+ return nil
 }
diff --git a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_validation.go b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_validation.go
index b9f66375d..dc1b60d15 100644
--- a/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_validation.go
+++ b/vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/container_validation.go
@@ -18,11 +18,11 @@ package v1beta1
 
 import (
 "context"
+ "errors"
 "fmt"
+ "regexp"
 "strings"
 
- "net/url"
-
 "github.com/tektoncd/pipeline/pkg/apis/config"
 "k8s.io/apimachinery/pkg/util/validation"
 "knative.dev/pkg/apis"
@@ -91,6 +91,9 @@ func (ref *Ref) Validate(ctx context.Context) (errs *apis.FieldError) {
 
 // RefNameLikeUrl checks if the name is url parsable and returns an error if it isn't.
 func RefNameLikeUrl(name string) error {
- _, err := url.ParseRequestURI(name)
- return err
+ schemeRegex := regexp.MustCompile(`[\w-]+:\/\/*`)
+ if !schemeRegex.MatchString(name) {
+ return errors.New("invalid URI for request")
+ }
+ return nil
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5c5ce7f4b..6d7ae6448 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1381,7 +1381,7 @@ github.com/tektoncd/hub/api/v1/gen/http/catalog/client
 github.com/tektoncd/hub/api/v1/gen/http/resource/client
 github.com/tektoncd/hub/api/v1/gen/resource
 github.com/tektoncd/hub/api/v1/gen/resource/views
-# github.com/tektoncd/pipeline v0.60.0
+# github.com/tektoncd/pipeline v0.60.1
 ## explicit; go 1.21
 github.com/tektoncd/pipeline/internal/artifactref
 github.com/tektoncd/pipeline/pkg/apis/config